The international non-profit digital rights organization, Electronic Frontier Foundation (EFF), recently announced the fruition of a project that has ongoing since 2009, to switch all internet hypertext from insecure HTTP to the more secure HTTPS protocol.
Working with Mozilla, Cisco, Akamai, IdenTrust, and researchers at the University of Michigan, EFF has created a simple, one click solution to enable all webmasters to obtain a Transport Layer Security (TLS) certificate with a “single click.”
Currently the difficulties in obtaining a TLS certificate and configuring it properly is the main reason that sites keep using HTTP instead of HTTPS, and as anyone who has used the internet in recent years knows getting it correct and is beyond the reach of many sites, as we’ve all seen errant warning popups indicating that the site you’re trying to visit has a a problem with its security certificate.
EFF has launched a new certificate authority project, called Let’s Encrypt, which will provide TLS certificates for free, and auto-install and configure on any website, and eliminates the complexity, bureaucracy, and cost of the certificates that up until now, running a site with HTTPS requires.
The HTTP SSL protocol has had a good run, but it is inherently insecure. Users and site owners alike face a myriad of perils, from account hijacking to malicious scripts, surreptitious surveillance to identify theft. In one fell swoop, Let’s Encrypt promises remove all barriers to implementation of HTTPS, theoretically making the internet a safer place, and will likely result in a measurable traffic penalty for those sites that lag in their implementation of this more secure encryption protocol.